RESOLVED WORKSFORME 129498
REGRESSION (r164804): svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html frequently crashes
https://bugs.webkit.org/show_bug.cgi?id=129498
Alexey Proskuryakov
Reported 2014-02-28 11:11:26 PST
svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html started to flakily crash yesterday, first time in r164807. <http://trac.webkit.org/r164804> looks like an obvious culprit.

http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK2%20(Tests)/r164860%20(16318)/svg/zoom/page/zoom-img-preserveAspectRatio-support-1-crash-log.txt

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001074e06cc WTF::RefPtr<WebCore::Frame>::operator*() const + 12 (RefPtr.h:63)
1 com.apple.WebCore 0x00000001074af15c WebCore::FrameView::frame() const + 28 (FrameView.h:84)
2 com.apple.WebCore 0x0000000107cea092 WebCore::FrameView::scrollToFragment(WebCore::URL const&) + 50 (FrameView.cpp:1803)
3 com.apple.WebCore 0x00000001090bddf9 WebCore::SVGImageForContainer::setURL(WebCore::URL const&) + 41 (SVGImageForContainer.cpp:60)
4 com.apple.WebCore 0x00000001090b8acb WebCore::SVGImageCache::imageForRenderer(WebCore::RenderObject const*) + 395 (SVGImageCache.cpp:97)
5 com.apple.WebCore 0x000000010762875c WebCore::CachedImage::imageForRenderer(WebCore::RenderObject const*) + 316 (CachedImage.cpp:213)
6 com.apple.WebCore 0x0000000108b981f8 WebCore::RenderImageResource::image(int, int) const + 104 (RenderImageResource.cpp:95)
Alexey Proskuryakov
Comment 1 2014-02-28 13:56:45 PST
svg/as-background-image/background-image-preserveaspectRatio-support.html too.
Antoine Quint
Comment 2 2014-02-28 14:03:26 PST
I'm not managing to reproduce this on Mavericks running `Tools/Scripts/run-webkit-tests --debug svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html`. Always passes.
Alexey Proskuryakov
Comment 3 2014-02-28 14:41:08 PST
Will it reproduce for you with this invocation? I didn't try myself, as I'm still on an earlier revision.

Tools/Scripts/run-webkit-tests --debug -2 --repeat-each 1000 svg/zoom/page/zoom-img-preserveAspectRatio-support.html svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html
Antoine Quint
Comment 4 2014-03-01 01:50:22 PST
(In reply to comment #3)
> Will it reproduce for you with this invocation? I didn't try myself, as I'm still on an earlier revision.
>
> Tools/Scripts/run-webkit-tests --debug -2 --repeat-each 1000 svg/zoom/page/zoom-img-preserveAspectRatio-support.html svg/zoom/page/zoom-img-preserveAspectRatio-support-1.html

In this case I do get very rare crashes. I think the crash is coming from a NULL frame when we call this line in FrameView::scrollToFragment():

if (!url.hasFragmentIdentifier() && !frame().document()->cssTarget())
Alexey Proskuryakov
Comment 5 2014-03-01 23:44:25 PST
What's the next step here? Does r164804 need to be rolled out? It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions.
Antoine Quint
Comment 6 2014-03-02 09:59:25 PST
(In reply to comment #5)
> What's the next step here? Does r164804 need to be rolled out?
>
> It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions.

We're tracking a slightly different approach to fix https://bugs.webkit.org/show_bug.cgi?id=129387 which would also prevent this crash. I hope to have a revised patch out tomorrow at the latest, but I can't promise when it'd get in the tree.
Antoine Quint
Comment 7 2014-03-03 02:04:03 PST
(In reply to comment #6)
> (In reply to comment #5)
> > What's the next step here? Does r164804 need to be rolled out?
> >
> > It's important to make the bots green again ASAP, as existing failures make it much more difficult to spot future unrelated regressions.
>
> We're tracking a slightly different approach to fix https://bugs.webkit.org/show_bug.cgi?id=129387 which would also prevent this crash. I hope to have a revised patch out tomorrow at the latest, but I can't promise when it'd get in the tree.

Patch that should prevent this crash is now attached to https://bugs.webkit.org/show_bug.cgi?id=129387.
Antoine Quint
Comment 8 2014-03-03 03:52:41 PST
Hopefully, https://trac.webkit.org/r164983 fixes this flakiness.
Alexey Proskuryakov
Comment 9 2014-03-03 09:18:55 PST
Thank you! I'll re-open if I see this happen again.